posted 01-04-2002 12:17 PM PT (US)
That's a bit misleading.
1) The vulnerability has existed for 3 years? It seems to me that w00w00 said that it is associated with the gaming options in AIM - and those are brand new, less than a year ago. Nevertheless, just for the sake of argument, assume that the "hole", or whatever you want to call it, has been there for three years.
The question is, is it really a vulnerability if no one knows about it? When this things are discovered, they tend to be reported immediately - no delay. Either that, or the exploits get used. When they are used, their intrusions tend to get discovered very very very quickly - then reported.
Here's a question: Did nuclear weapons technology exist before it was "discovered"? Of course not - the laws of physics remain the same, but until someone figures out how to use them to build a nuclear weapon, nuclear technology doesn't exist.
Well, the laws of physics have remained the same throughout AIM's existence, but until someone discovers how to use those laws of physics to hack into someone's computer using AIM, the "exploit" doesn't yet exist. So, the "hole" in AIM didn't exist until last week. You might be thinking, "How do YOU know it didn't exist until last week! It might've been known and unreported!!!" That's identical to asking, "How do YOU know that nuclear weapons technology didn't exist in the 1400s???" Well, for all I know, some character in Spain had all the scientific formulae written out in a notebook somewhere during the 1400s. But my question is, so what??? The real question to be asked, in a causal universe, is: How do you know it DOES exist? That's the only question that matters.
Mystical voodoo hocus pocus thinking (i.e., flawed) is the opposite - and the basis for all conspiracy paranoia. It goes something like this: "It could be...and I can't prove it isn't - therefore, I'm going to believe it is!!! (Escpecially since I it's scary if it's true, and I want to be cynical with regard to human nature.)" Just the other day, my own dad said that he believes that the Republicans are behind the destruction of the World Trade Towers; he believes that the government knew about it and just let it happen because it helped to solidify President Bush's position in the White House. Good lord - mystical voodoo hocus pocus dippity doo thinking. Next thing, he'll be showing up for church on Sundays to worship a "God" that he can't prove doesn't exist.
But here's the deceiving part that I wanted to get to:
2) "It's only now that the media found out that AOL is taking action on it."
3) "I find it interesting that those people are looked at as "hackers" and criminals as well"
It took one day for AOL to fix the problem (well, based upon their pre-reported projections). I'd say that one day is pretty smeggin' fast to patch a hole from the time of its existence.
Then there's the hacker issue. w00w00 should be ashamed of themselves. The reason that people know about this problem in advance is because these hackers found the hole - and then rather than just reporting to AOL about it, they publicised it on their website, which of course made it 'round to CNN and other news sites. The result? Before AOL has a chance to fix it, the entire smeggin' world is notified of the "hole", thus giving malicious hackers time to use the exploit before AOL could fix it. Shame on them. I can understand their wanting to get publicity for themselves, but that was just sleazy.